Quis custodiet ipsos custodes?

by Whaleoil Staff on December 18, 2014 at 8:00am

by Pete

Quis custodiet ipsos custodes? Who watches the watchmen?

How would you feel if The Herald, Fairxfax, The Press, The Dominion Post, Mediaworks, TV3… and so on, had access to all the people in your contact list? How about, all the web sites you visit? How about all the other software you run? How about your bookmarks?

It’s all a matter of trust. (Part 1)

Trust is a big thing these days. Information about us is recorded everywhere, often without our knowledge. And some of it is shared. Also without our knowledge.

Finally, some organisations actively set out to gather information from and about you, and they may not be upfront as to why they do it, what they do, and how they use the information afterward.

One area in our lives where information is just sucked out of us at a great rate of knots is through our electronic Internet-connected devices.

For example, I knowingly give Google access to all my emails, all my photos, all my contacts, because as an organisation they have told me they do it, they told me how they are going to use it, and I have the ability to remove any or all of it from their control at any time. I also trust them to stop using my information if I withdraw it.

Similarly, I provide information to my insurance company. They need a lot of it to assess the risk they are taking on. I understand this. I also understand that they will not take that information and use it in a way that isn’t related to risk assessment for my policies, or using it for generalised demographical statistical analysis.

Here is a question I’d like you to ponder:

How would you feel if The Herald, Fairxfax, The Press, The Dominion Post, Mediaworks, TV3… and so on, had access to all the people in your contact list? How about, all the web sites you visit? How about all the other software you run? How about your bookmarks?

A few days ago the Stuff.co.nz app for Android updated, and had the following additional permissions:

I contacted Fairfax but over 48 hours later, I’m yet to get a reply. I’m assuming they don’t want to talk about this.

My question to them was: What is the justification for a news app to have access to a person’s browsing history and bookmarks, when the app’s purpose is to deliver news from the Fairfax news server to the user … to read?

There may be a perfectly sensible answer to this, but as they have not bothered to reply, we’re now down to having to question the purpose, and possibly our ability to imagine what is being done with this information might be worse than reality.

Even so, do you trust a news gathering organisation to deal with information that you have given them access to in a way that you will be OK with?

It’s all a matter of trust. (Part 2)

As I was already working on this story, it was rather interesting to get this from a reader:

On 3 December I joined Neighbourly.
On 10 December Fairfax announced it had bought 22.5% of Neighbourly.
On 10 December I received an email from Stuff Nation thanking me for signing up.
I haven’t joined Stuff Nation and would not.

Neighbourly tells me it must be a coincidence.

Stuff Nation hasn’t replied.

Maybe some of your readers have seen a similar coincidence?

As the people at Fairfax appear to not respond to anyone asking what they are up to with our personal data, it is starting to get to the point where we have to wonder what is going on, what the plan is, and where it is going to end?

We have seen in recent times through various court cases and other media behaviour that the likes of the NZ Herald, TV3, etc, and organisations like NZME, Fairfax and Mediaworks operate under a very specific set of rules of engagement, being

If the information has been legally obtained by the media organisation, then the media organisation will delve into it looking for anything of public interest. If the information was stolen, or captured for purposes other than use by the media organisation, and in fact is clearly not to be used by the media organisation using all reasonable moral and ethical standards, then the discovery of information that is of public interest survives as the most important consideration. Morals, ethics and privacy do not survive the public interest test.

The last 18 months or so have been as fascinating as they have been chilling for media and public alike. We’ve seen courts tell journalists that they aren’t. We’ve seen courts tell bloggers that they are journalists. We’ve seen courts say journalists must reveal sources in spite of legal protections in law. We’ve seen a process where anonymous people work hand in hand with media to publish information on the Internet, unchecked, unverified, and the media then pick it up, no matter that the information was a severe breach of privacy, and at times obtained through crime. The mere fact it was obtained by crime makes it worthy of public interest. Not much of a test, is it?

This against a backdrop of very loud complaints about “state powers” on surveillance being extended so the government agencies can keep a legal eye on about 80 people of concern.

It’s all a matter of trust. (Part 3)

Would you let David Fisher have unrestricted access to your computer? Would you let Andrea Vance have unrestricted access to your phone?

How is this any different to Fairfax clearly going on the path of obtaining your consent to access browser history and bookmarks? They have the ability to see that you bookmarked pages on Alzheimer’s. Or they can see you ordered an ISIS flag over the Internet. (or belong to the Sex Toy of the Month club).

Do you TRUST Fairfax not to go proactively looking for things? You have after all agreed to let them look. It is legal.

Do you TRUST Fairfax not to use anything that they justify is “in the public interest”?

It’s all a matter of trust. (Part 4)

Where the wheels come off is that Fairfax have not stated, in advance, what they are capturing, why, what it is being used for, how, and what happens when you stop using their App? Does the information get destroyed, etc.

By not front footing it, but instead advancing their information gathering through stealth, they fail the “Trust” test.

Your obvious remedy is to stop using the software. Or don’t sign up to “Stuff Nation”, or other web sites. But that doesn’t stop the advance of media organisations entering our private lives at a level that is unprecedented. Worse, they now have access to information you may simply not understand they have access to.

This is a long bow to draw, but I want to use this example: Say I do not run any of this software, and I have kept myself completely safe and separated from Fairfax’s attempts to get my information. I am safe, right?

Nope. Because in interacting with other people, I leave a digital footprint on their devices also. And if they have allowed Fairfax access, my privacy is still in danger, especially if I am a person “of public interest”.

An example may help. Two other Stuff Fairfax app permissions are: See what activity is on the device, and See what apps are running. This may be completely innocent, but in the absence of Trust, I can see a situation where I can call someone, and the phone can be queried as to who called, when and for how long (app activity, apps that run).

Imagine John Key has an Android phone with stuff.co.nz loaded, and I don’t. Yet if I call John Key, stuff.co.nz could conceivably know about it.

NO, I AM NOT SAYING THAT’S WHAT THEY ARE DOING. Please refer to the “long bow to draw” caveat. But even so, it comes down to trust.

And do you trust self-interested media organisations to deal with legally obtained information in such a way that they do not go trawling?

Fishing expeditions

Search warrants are not granted because police think it would be interesting to have a look through your home. They need to have a reasonable suspicion. They need to explain that to a judge. These are the checks and balances we expect to be in place.

There is no such mechanism in place for media. Right now, “media case law” and practices clearly show that fishing expeditions for “public interest” material through private data are completely legal. And… they are doing it.

The only barrier is that the media organisation can’t go and start sniffing around your information without your permission. They get around that by accessing your phone, computer, etc with your permission. And in the event someone else obtained your private data against your will or knowledge, they can still go dig around that to see if there is anything that stands the “public interest” test.

If all that fails, they have a mechanism where they can have a hands-off relationship with someone who will publish it to the Internet. At that point, the Public Interest case is immediately established, and everything is fair game.

Where from here?

This is where it gets tricky. I have had access to emails that were private to someone. They were given to me to look through because I held a genuine belief that it may back up suspicions I have about this individual breaking the law. I didn’t steal the emails. I don’t know if they were obtained illegally, but it is fair to say that very few people would want their emails to be “out there”, let alone in the hands of a media organisation.

I think the clear difference is how access to the private data occurs. If the media organisation is the one doing the digging, even if it does so legally, that’s probably a step too far. There has to be a leak or a whistle blower. The media org should not be digging around private information looking for a story. The story should already exist. And the public interest test needs to be larger than “Oh, but he is a public figure, everything he does is in the public interest”.

I have no answers. I only have problems.

And personally, I can see this getting worse before it gets better.

Quis custodiet ipsos custodes?

It appears hackers and citizen journalists are joining the throng of people searching for and through private lives to expose to the public. The danger to journalists is that those who live by the sword may very well end up dying by the sword as their own private lives will get unpacked. I mean, there has to be public interest about what was in the emails between Andrea Vance and Peter Dunne, right? And what about the private emails between David Fisher and Kim Dotcom? Public Interest Gold!

And that would be work related. What about a journalist’s affairs? Or drug taking.

I see a turbulent few decades coming up where we’re going to try and get our heads around the issues of privacy and the media in the Internet age. The courts will severely lag behind in understanding the issues at hand (as we’ve seen!), and it’s going to be a mess before it gets any better.

In the mean time, you can make it harder on them by removing as much of your life from electronic devices as you can, and being extremely discerning as to “who” you let into your phone or other devices.

But to be honest, I see it as a losing battle. With hackers in the mix, medical records, school databases and many other sources of information are accessible to anyone who has the determination to do so.

One thing is for sure: we can not rely on media to have our best interest at heart when it comes to privacy. Media and privacy are diametrically opposed.

Do you want:

Ad-free access?

Access to our very popular daily crossword?

Access to daily sudoku?

Access to Incite Politics magazine articles?

Access to podcasts?

Access to political polls?

Our subscribers’ financial support is the reason why we have been able to offer our latest service; Audio blogs.